[ mailman-Bugs-777444 ] mailmanctl doesn't setgroups when run as
root
SourceForge.net
noreply at sourceforge.net
Sun Dec 14 12:58:32 EST 2003
Bugs item #777444, was opened at 2003-07-25 06:02
Message generated for change (Comment added) made by bwarsaw
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=777444&group_id=103
Category: security/privacy
Group: 2.1 (stable)
>Status: Closed
>Resolution: Accepted
Priority: 5
Submitted By: Richard Barrett (ppsys)
Assigned to: Nobody/Anonymous (nobody)
Summary: mailmanctl doesn't setgroups when run as root
Initial Comment:
When mailmanctl is executed as root the checkprivs
function performs setgid and setuid to reduce the
process privileges.
But mailmanctl fails to set the supplemental groups of
the process to those of the setuid'ed user, effectively
leaving the
processes with the same group privileges as root and,
potentially, without the group privileges of the
setuid'ed user.
This patch uses os.setgroups() to fix that.
Problem definition and solution by Jonas Meurer.
I'm just filing the bug fix for him.
Apply the patch from within the Mailman build directory
with:
patch -p1 < path-to-patch-file
----------------------------------------------------------------------
>Comment By: Barry A. Warsaw (bwarsaw)
Date: 2003-12-14 12:58
Message:
Logged In: YES
user_id=12800
Accepted for Mailman 2.1.4, with a slight recoding; note
that os.setgroups() isn't available in Python 2.1, which we
still support.
----------------------------------------------------------------------
Comment By: Richard Barrett (ppsys)
Date: 2003-09-30 16:45
Message:
Logged In: YES
user_id=75166
grpsec-2.1.3-0.1.patch is a MM 2.1.3 compatible version of the
patch
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=777444&group_id=103
More information about the Mailman-coders
mailing list